Creating Classification Labels and Policies in Azure Information Protection

Information Rights Management is a subset of Digital Rights Management technologies that protects sensitive information from accidental or unauthorized modification, deletion and misuse.

Azure Information Protection (AIP) is a service offered by Microsoft that provides the features and functionality of Information Rights Management. With AIP, an organization can classify, label and protect sensitive information, which gives it visibility over the different types of sensitive data across locations.

Steps to Configure Policies in Azure Portal

Before configuring the global policies, it is always recommended to get the taxonomy crisp and clear. Do not create too many labels and sub-labels.

In this example, I am keeping the taxonomy straightforward:

Restricted – For highly sensitive content

Confidential – For Sensitive content

Internal – For the content within the Organization

Public – For all other content

Steps to configure Labels and Policies in Azure Portal 

Login to Azure Portal 

Search for Azure Information Protection

Add new label 

Give the label a name and add a description. Navigate to Protect and add the users or groups that will be granted the permissions.

Protection Settings: Select Azure Key or HYOK (Hold Your Own Key) as per the organization structure, set the file expiration, and add permissions based on the AD group or individual recipient addresses. Set the permission level (co-owner, co-author, reviewer, viewer etc.) as appropriate.

I created four labels: Internal, Public, Confidential and Restricted.

Create a policy to map this label

Select Policies under Classifications and click ‘Add a new Policy’.

Give the policy a name and, from the drop-down list, select the label to which this policy is to be applied.

Now that the labels and policies are created in the Azure portal, let us verify that they are reflected on the client machines.

Prerequisites for installing AIP Agent in Clients:

  1. Azure Active Directory: Make sure the on-premises identities are in sync with Azure identities. Azure AD Connect is used to sync the identities. If the users are in O365, they can directly download the Office apps from portal.office.com
  2. Supported client platforms: Windows 7 (SP1), Windows 8, Windows 8.1, Windows 10 with .NET Framework 4.6.2
  3. Office applications: Office 365 ProPlus, Office Professional Plus 2019/2016/2013 (SP1)/2010 (SP2)
  4. Connectivity to Azure services over the internet: Make sure that the URLs are allowed and the necessary ports are open as per the Network Prerequisites
  5. Download AIP client from here

 

Installing AIP client

Sign in to the Office apps with the organization account that has an AIP license assigned. When you open the apps, the labels appear in them.

Now, when a label is selected, the policies configured for that label are applied to the content, and the sender of the email or author of the document has visibility into the content life cycle.
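Beyond checking that the labels show up in Office, the same taxonomy can be checked against files already on disk. The following PowerShell is an added example, not part of the original post: it flags files that are unlabeled, carry a label outside the four-label taxonomy, or carry Restricted or Confidential without protection. `Test-LabelCoverage` is a hypothetical helper, the sample records are constructed, and the choice of Restricted and Confidential as the protected labels is an assumption of this example; the property names match the output of the AIP client's `Get-AIPFileStatus` cmdlet.

```powershell
# Added example: audit label coverage against the four-label taxonomy.
# Test-LabelCoverage is a hypothetical helper, not part of the AIP client.
$Taxonomy = 'Restricted', 'Confidential', 'Internal', 'Public'
# Assumption: only these two labels were configured with protection settings.
$MustBeProtected = 'Restricted', 'Confidential'

function Test-LabelCoverage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Status
    )
    process {
        # Evaluate the checks in order of severity of the gap.
        $finding = if (-not $Status.IsLabeled) {
            'Unlabeled'
        } elseif ($Status.MainLabelName -notin $Taxonomy) {
            'LabelOutsideTaxonomy'
        } elseif ($Status.MainLabelName -in $MustBeProtected -and
                  -not $Status.IsRMSProtected) {
            'ProtectionMissing'
        } else {
            'OK'
        }
        [pscustomobject]@{
            FileName = $Status.FileName
            Label    = $Status.MainLabelName
            Finding  = $finding
        }
    }
}

# Constructed sample records using the property names Get-AIPFileStatus emits.
$sample = @(
    [pscustomobject]@{ FileName = 'C:\Share\plan.docx';    IsLabeled = $true;  MainLabelName = 'Restricted';   IsRMSProtected = $true  }
    [pscustomobject]@{ FileName = 'C:\Share\payroll.xlsx'; IsLabeled = $true;  MainLabelName = 'Confidential'; IsRMSProtected = $false }
    [pscustomobject]@{ FileName = 'C:\Share\notes.docx';   IsLabeled = $false; MainLabelName = $null;          IsRMSProtected = $false }
    [pscustomobject]@{ FileName = 'C:\Share\old.pptx';     IsLabeled = $true;  MainLabelName = 'Secret';       IsRMSProtected = $false }
    [pscustomobject]@{ FileName = 'C:\Share\flyer.docx';   IsLabeled = $true;  MainLabelName = 'Public';       IsRMSProtected = $false }
)

# Show only the files that need attention.
$sample | Test-LabelCoverage | Where-Object Finding -ne 'OK' | Format-Table -AutoSize

# On a machine with the AIP client installed (the path is a placeholder):
# Get-AIPFileStatus -Path 'C:\Share' | Test-LabelCoverage | Where-Object Finding -ne 'OK'
```

With the constructed records, `payroll.xlsx` is reported as `ProtectionMissing`, `notes.docx` as `Unlabeled` and `old.pptx` as `LabelOutsideTaxonomy`.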
